FlashSploit : Exploitation Framework For ATtiny85 Based HID Attacks

Flashsploit is an Exploitation Framework for Attacks using ATtiny85 HID Devices such as Digispark USB Development Board, flashsploit generates Arduino IDE Compatible (.ino) Scripts based on User Input and then Starts a Listener in Metasploit-Framework if Required by the Script, in Summary : Automatic Script Generation with Automated msfconsole.

Windows

Data Exfiltration

  • Extract all WiFi Passwords and Uploads an XML to SFTP Server | YouTube :
  • Extract Network Configuration Information of Target System and Uploads to SFTP Server | YouTube :
  • Extract Passwords and Other Critical Information using Mimikatz and Uploads to SFTP Server | YouTube :

Also Read – Intrigue Core : Discover Your Attack Surface

Reverse Shells

  • Get Reverse Shell by Abusing Microsoft HTML Apps (mshta) | YouTube :
  • Get Reverse Shell by Abusing Certification Authority Utility (certutil)
  • Get Reverse Shell by Abusing Windows Script Host (csript)
  • Get Reverse Shell by Abusing Windows Installer (msiexec)
  • Get Reverse Shell by Abusing Microsoft Register Server Utility (regsvr32)

Miscellaneous

  • Change Wallpaper of Target Machine | YouTube :
  • Make Windows Unresponsive using a .bat Script (100% CPU and RAM usage)
  • Drop and Execute a File of your Choice, a ransomware maybe? 😉
  • Disable Windows Defender Service on Target Machine

Tested on

  • Kali Linux 2019.2
  • BlackArch Linux

Dependencies

Flashsploit Depends upon 4 Packages which are Generally Pre-installed in Major Pentest OS :

  • Metasploit-Framework
  • Python 3
  • SFTP
  • PHP

If you think I should still make an Install Script, Open an issue.

Usage

git clone https://github.com/thewhiteh4t/flashsploit.git
cd flashsploit
python3 flashsploit.py

R K

Recent Posts

What is SIEM? Complete Guide to Security Information and Event Management

Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…

2 hours ago

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

14 hours ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

1 day ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

2 days ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago